
Pop Up Blocked - First time from B&C


13 replies to this topic

#1
Damo1701

    +FRATER DOMUS+

  • + FRATER DOMUS +
  • 1,651 posts
  • Gender:Male
  • Location:Ipswich Suffolk UK
  • Chapter Name: Ravenguard

Hi.

 

I hit the B&C logo to return to the main page from a topic I was reading, and my pop-up blocker caught a pop-up.

 

Thinking it was a PM from somebody, I hit the allow once.

 

However, the following page opened up:

http://jat01.daily-chance.info/AnonymousSurvey/FlirtChat1/index.php?p1=http%3A%2F%2Ftrack.clickbooth.com%2Fc%2Faff%3Flid%3D22763%26subid1%3D55848%26subid2%3DVjN8NTU4NDh8ODU3NjQ1fDY1NTg1MHwxNDk1Mjk1MDA2fDE4MDZhYmVmLWRjYTMtNDBmOC1iNWE4LWM3MTgyZDA1NzhkYXwxNzYuMjUxLjk2LjE3M3wxfDk2MWFhZWRjNGNkOTBjYTQ2NzliNjBhNTM1YzhmYzdl%26subid3%3D%26subid4%3D%26subid5%3D

Just thought you guys ought to be aware if this is a new thing that is happening, and to make others aware to keep their blockers enabled.


Edited by WarriorFish, 20 May 2017 - 07:28 PM.
Link put in code tag

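As an added analyst-side example (not code posted by anyone in this thread), the helper below unwraps the redirect URL quoted in post #1 offline: the next hop travels URL-encoded in the p1 parameter, so the chain of hosts can be read without visiting any of them. The long base64 subid2 tracking token is replaced with a constructed placeholder, and the extra nested-key names besides p1 are assumptions.

```python
# Added example for this thread (not code posted by anyone in it): unwrap the
# redirect URL quoted in post #1 offline, so the hop chain can be read without
# visiting any of the hosts. The next hop sits URL-encoded in the p1 parameter.
from urllib.parse import parse_qs, urlsplit

# Copy of the URL from post #1; the long base64 subid2 tracking token is
# replaced with a constructed placeholder to keep the sample short.
REPORTED_URL = (
    "http://jat01.daily-chance.info/AnonymousSurvey/FlirtChat1/index.php"
    "?p1=http%3A%2F%2Ftrack.clickbooth.com%2Fc%2Faff%3Flid%3D22763"
    "%26subid1%3D55848%26subid2%3DPLACEHOLDER_TOKEN%26subid3%3D%26subid4%3D%26subid5%3D"
)

# Query keys that redirect pages commonly use to carry the next destination.
# p1 is the one seen on this page; the others are assumed extras.
NESTED_KEYS = ("p1", "url", "u", "redirect", "r", "target")


def unwrap(url, max_depth=5):
    """Follow embedded redirect parameters, returning one (host, path, params)
    tuple per hop. Nothing is fetched; parse_qs does the percent-decoding."""
    hops = []
    seen = set()
    while url and url not in seen and len(hops) < max_depth:
        seen.add(url)
        parts = urlsplit(url)
        params = {k: v[0] for k, v in
                  parse_qs(parts.query, keep_blank_values=True).items()}
        hops.append((parts.hostname, parts.path, params))
        # Pick the first nested key whose value is itself an absolute URL.
        url = next((params[k] for k in NESTED_KEYS
                    if params.get(k, "").startswith(("http://", "https://"))),
                   None)
    return hops


def hop_hosts(url):
    """Just the hostnames along the chain, e.g. for blocklist comparison."""
    return [host for host, _, _ in unwrap(url)]


if __name__ == "__main__":
    for host, path, params in unwrap(REPORTED_URL):
        print(host, path, sorted(params))
```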

#2
Prot

    ++ EQUES AEDITUUS ++

  • ++ MODERATI ++
  • 11,212 posts
  • Gender:Male
I'd advise you to run MBAM or something similar on your computer to be safe. It looks like you may have experienced a hijack, or, if you're using certain browser types, your Java component may be compromised (this is hard for malware scanners to pick up).
  • Damo1701, WarriorFish, Chaplain Dosjetka and 1 other like this

#3
WarriorFish

    ++ PRÆFECT SOCIORUM ++

  • +++ADMINISTRATUM+++
  • 18,036 posts
  • Gender:Male
  • Location:Blighty
  • Chapter Name: Hunter Legion

Sounds like it's a local issue, but fortunately looks like a so-called PUP? Without being able to replicate or other reports not much can be done, so if anyone has more please update this topic.

 

Good security settings and if possible additions are always recommended for traversing the Internet, things like blocking ads and such can go a long way to aiding protection.


  • Prot and Damo1701 like this

In the grim predictability of online 40k, there can be only Sun Tzu quotes

SM Cataphractii | IG Commissar | CSM Daemonettes | =][= Inquisitor | AM Knight | DE Sslyth

#4
Damo1701

    +FRATER DOMUS+

  • + FRATER DOMUS +
  • 1,651 posts
  • Gender:Male
  • Location:Ipswich Suffolk UK
  • Chapter Name: Ravenguard
Cheers guys.

I've swept the laptop as advised, and gone through it with a fine-toothed comb, and nothing untoward was found.

However, I've not had it happen since after I reset the laptop.

(Perhaps something odd happened after the last Windows update).

I will update if it happens again though.
  • Prot likes this

#5
WarriorFish

    ++ PRÆFECT SOCIORUM ++

  • +++ADMINISTRATUM+++
  • 18,036 posts
  • Gender:Male
  • Location:Blighty
  • Chapter Name: Hunter Legion

What version of Windows are you on? It's possible that it has been quarantined or otherwise dealt with by your system, so I'd keep an eye on things to be on the safe side. Though this is a good course of action post (potential) incident anyway. Do you remember what topic(s) you were on before it happened?


In the grim predictability of online 40k, there can be only Sun Tzu quotes

SM Cataphractii | IG Commissar | CSM Daemonettes | =][= Inquisitor | AM Knight | DE Sslyth

#6
Damo1701

    +FRATER DOMUS+

  • + FRATER DOMUS +
  • 1,651 posts
  • Gender:Male
  • Location:Ipswich Suffolk UK
  • Chapter Name: Ravenguard
Most recent version of Windows 10, with Chrome as the browser, again, fully updated.

I was coming from the Tactical Reserves thread.

Currently using Chrome on my phone, to check in before bed, so I don't have to get the laptop out.

#7
Prot

    ++ EQUES AEDITUUS ++

  • ++ MODERATI ++
  • 11,212 posts
  • Gender:Male
Just look out for more browser redirects. Chrome and Firefox can show those user based issues that don't show up on many virus scans (I see it quite often buried in prefs.js for Firefox for example).

In the event you have more redirects, sometimes a browser reset can get rid of user-data-based compromised systems, but hopefully you're clean. (A system reset, as you have done, would typically accomplish this.) But it can always be a zero-day exploit, so please try a system scan again to be safe in a day or two.

Edited by Prot, 21 May 2017 - 01:04 AM.

  • Felix Antipodes and Damo1701 like this

#8
Damo1701

    +FRATER DOMUS+

  • + FRATER DOMUS +
  • 1,651 posts
  • Gender:Male
  • Location:Ipswich Suffolk UK
  • Chapter Name: Ravenguard

Update Time:

 

So, everything is up to date, repeated Avast Scans show negative, a Bitdefender Rootkit scan came up negative, TDSSKiller came up clean, and MalwareBytes found a few redirect issues, which it has since solved.

 

Now, I came back on the B&C, straight after following all the tips and MalwareBytes blocked a site that replaced the B&C after I clicked, from the main page, on the notification bell.

 

A subsequent MWB scan showed that the system is clean, as did another Avast scan.

 

I'm now lost as to what to do, I've reset Chrome, and uninstalled/reinstalled it.  The issue only happens when I am navigating the B&C forum.  Facebook is fine, a vaping forum I visit is fine, and general researching/digital learning sites I'm using for a course, as well as theory practice, is fine.

 

I know it might be my computer somehow, however, as it's not happening elsewhere, I'm kind of stumped now.



#9
WarriorFish

    ++ PRÆFECT SOCIORUM ++

  • +++ADMINISTRATUM+++
  • 18,036 posts
  • Gender:Male
  • Location:Blighty
  • Chapter Name: Hunter Legion

It's possible that it's a targeted one somehow, for example to IP.Board sites? Unfortunately there's little we can do remotely. Have you tried completely clearing your Internet cache/temporary files? It could be that it has sneaked past the scans and is still there in some form.


  • Damo1701 likes this

In the grim predictability of online 40k, there can be only Sun Tzu quotes

SM Cataphractii | IG Commissar | CSM Daemonettes | =][= Inquisitor | AM Knight | DE Sslyth

#10
Damo1701

    +FRATER DOMUS+

  • + FRATER DOMUS +
  • 1,651 posts
  • Gender:Male
  • Location:Ipswich Suffolk UK
  • Chapter Name: Ravenguard

Yup, cache and temporary files were wiped twice.

 

It's odd, I'll give it that.  

 

I know Chrome is clean, and I'll run daily scans/sweeps now I've found something that can find rogue registry entries.

 

If needs be, and I find it is something definite on my end, I'll update again.

 

Otherwise, I'll put up with it for as long as it happens :)


  • Prot and WarriorFish like this

#11
Prot

    ++ EQUES AEDITUUS ++

  • ++ MODERATI ++
  • 11,212 posts
  • Gender:Male
Just for the sake of elimination, let's go back to what I mentioned earlier about browser hijacks that can't be removed by browser reinstalls and cache-clearing attempts.

What I would do after a clean reboot is make sure your current user 'run' items show absolutely nothing out of the ordinary. (Or run msconfig as admin. There are lots of tutorials on this if you are new to it.) I don't advise going into the registry if you are at all uncomfortable with the idea (this can really damage your system); in that case just skip it.

Then, after a reboot and verification in Task Manager that you have nothing goofy running, do not run Chrome. Run something like IE for this experiment. Go to the pages that are triggering redirects with IE.

If you do not experience redirects (IE is usually compromised differently, through ActiveX), then this tells you the browser is compromised in a way I mentioned earlier. If you still get redirects, this means your OS is likely still compromised.

The problem in that case can be as simple as waiting for MBAM to have the correct pattern file (which may not happen), or consider a reimage after a data backup. The problem with a restore (if you have tried it already) is that often the restore partition is compromised as well, with files that can change names and/or locations.

Try a completely different browser (but do not load the problematic browser at all) and go from there.

Edited by Prot, 22 May 2017 - 04:15 PM.

  • Damo1701 and WarriorFish like this

#12
Damo1701

    +FRATER DOMUS+

  • + FRATER DOMUS +
  • 1,651 posts
  • Gender:Male
  • Location:Ipswich Suffolk UK
  • Chapter Name: Ravenguard

Phew...

 

That was an intense evening...

 

Well, fingers crossed, I think I might have it now, if it was something on my end.  

 

I had an odd experience with Chrome on my (now not used) iPhone, where, without signing into Chrome, I got some funky happenings while trying to access the B&C, yet my Samsung phone is completely fine. Safari on the iPhone had a similar issue to Chrome, but the iPhone is being wiped anyway, as I only use it for games.

 

I've cleaned and been through every possible hidden folder, using Google to tell me what I need to keep etc., and both MSConfig and Task Manager came up clean on the laptop. Booting into Safe Mode with Network access and using Edge gave me a clean experience, as did trialling Safari and Firefox (how I hate that browser). The last 2 MWB scans came up clean. So, a very strange series of events. For giggles, and to see whether I needed a totally clean install from a formatted drive, I loaded Chrome up after trialling the other browsers, and not a huge amount happened. Every component of Chrome I could find came up clean, as did some random-looking files that are actually required by Windows.

 

Cheers for the advice guys, it is appreciated.  Either I managed to find whatever was hiding in my system, or MWB is doing its job.


  • Prot likes this

#13
Prot

    ++ EQUES AEDITUUS ++

  • ++ MODERATI ++
  • 11,212 posts
  • Gender:Male

Good job. Let's hope for the best!


  • Damo1701 likes this

#14
WarriorFish

    ++ PRÆFECT SOCIORUM ++

  • +++ADMINISTRATUM+++
  • 18,036 posts
  • Gender:Male
  • Location:Blighty
  • Chapter Name: Hunter Legion

Looks like you're earning your red robe ;)


  • Prot, Damo1701 and Chaplain Dosjetka like this

In the grim predictability of online 40k, there can be only Sun Tzu quotes

SM Cataphractii | IG Commissar | CSM Daemonettes | =][= Inquisitor | AM Knight | DE Sslyth
